Under the Network tab in the left menu, click on name of the network in which you'd like to set the tunnel. Locate the desired gateway, click the three dotted icon and press Add Tunnel and then IPSec Site-2-Site Tunnel.b. The following window will pop:At the General Settings section fill in according to the following:

Name: Choose whatever name you find suitable for the tunnel.

Shared Secret: Insert a string of your own or usr the Generate button.

Public IP: Insert the public IP of the location server.

Remote IP: Insert the public IP of the location server.

Perimeter 81 Gateway Proposal Subnets: by default this should be set to 10.255.0.0/16

Leave the rest of the fields with the default values (as shown in the attached screenshot).

Step 2: Configure the Tunnel at the FortiGate Management Interface

Open the FortiGate management interface.

In the left panel, choose VPN, then IPsec Tunnels, and press Create New.

In the VPN Creation Wizard window set the Name to Perimeter 81 (or any other name you desire) and the Template Type to General tab and press Next.

Fill in the according to the following:

Network Section:

IP Version: IPv4

Remote Gateway: Static IP Address

IP Address: Insert the public IP of the location server

Interface: select your WAN interface.

Mode Config: unchecked.

NAT Traversal: Disable.

Dead Peer Detection: On Demand.

Authentication section:

Method: Pre-shared Key

Pre-shared Key: Insert the Shared Key you chose at Step 1.

IKE Version: 1

Mode: Main (ID protection)

Phase 1 Proposal section:

Encryption: AES256

Authentication: SHA256

Diffe-Hellman Group: 21

Key Lifetime (seconds): 86400

Local ID: leave blank

XAUTH Section leave disabled

Phase 2 Selectors (+Advanced) section:

Name: Perimeter 81

Local Address: Subnet, 0.0.0.0/0.0.0.0

Remote Address: Subnet, 10.255.0.0/255.255.0.0

Enable Replay Detection: Checked

Enable Perfect Forward Secrecy (PFS): Checked

Diffe-Hellman Group: 21

Encryption: AES256

Authentication: SHA256

Local Port: checked

Remote Port: checked

Protocol: checked

Key Lifetime: Seconds

Seconds: 43200

Step 3: Configure Firewall and Static Routing

It is needed to add static routes from the Perimeter 81 subnet (10.255.0.0/16) to the local network and from the local network to the Perimeter 81 subnet (10.255.0.0/16) to the local network to fo through the VPN tunnel gateway.Go to Network -> Routing -> Static Routes -> Create new -> Route

Set Destination to 10.255.0.0/16 and the Device: Perimeter 81 (or any other name you chose for the tunnel). Click OK.

It is needed to add firewall rules to allow traffic from the Perimeter 81 subnet (10.255.0.0/16) to your local network or services you desire. Go to Policy & Objects -> IPv4 Policy and click Create New. Once the settings window opens fill in according to the following and then click OK:

Name: Perimeter 81

Incoming Interface: Perimeter 81

Outgoing Interface: Your local network object

Source: All

Destination: All

Schedule: Always

Service: All

NAT: Disabled

If any additional settings appear, leave them in their default status.

Step 4: Make Sure the Tunnel is Up

At the FortiGate Management Interface, go to VPN -> IPSec Tunnels.If the tunnel is up the line will appear at the table:

If you experience differently, make sure you meticulously went through all the steps, however in case the issue persist please contact our support team.